1 Q focus: session initiation protocol: Making SIP make cents
Jason Fischl, Hannes Tschofenig
March 2007 Queue, Volume 5 Issue 2

Publisher: ACM Press

P2P payments using SIP could enable new classes of applications and business models. 



2 Introduction of the asymmetric cryptography in GSM, GPRS, UMTS, and its public key infrastructure integration
Constantinos F. Grecas, Sotirios I. Maniatis, Iakovos S. Venieris
April 2003 Mobile Networks and Applications, volume 8 issue 2
Publisher: Kluwer Academic Publishers

The logic ruling the user and network authentication as well as the data ciphering in the 
GSM architecture is characterized, regarding the transferring of the parameters employed 
in these processes, by transactions between three nodes of the system, that is the MS, 
actually the SIM, the visited MSC/VLR, and the AuC, which is attached to the HLR in most 
cases. The GPRS and the UMTS architecture carry the heritage of the GSM's philosophy 
regarding the user/network authentication and the data ciphe ... 

Keywords: PKIs, PLMNs, asymmetric cryptography 



3 GIP: an infrastructure for mobile intranets deployment
Constantinos F. Grecas, Sotirios I. Maniatis, Iakovos S. Venieris
July 2003 Wireless Networks, volume 9 issue 4
Publisher: Kluwer Academic Publishers

The GPRS and UMTS specifications define the procedures supporting the mobility and the 
data sessions of a mobile user moving within the area of the corresponding PLMNs. For the 
case, though, of mobile users working in group, using a PLMN infrastructure, the 
aforementioned networks foresee no special treatment. However, services tightly related 
to a specific geographic area, like for example security or surveillance services, could be 
implemented by a group of collaborating Mobile Nodes forming a ... 

Keywords: GPRS, UMTS, mobile intranets



4 Unicast and Multicast in Next Generation Wireless Networks: Multicast in 3G networks: employment of existing IP multicast protocols in UMTS
Mariann Hauge, Øyvind Kure
September 2002 Proceedings of the 5th ACM international workshop on Wireless mobile multimedia WOWMOM '02
Publisher: ACM Press

In this article we discuss the use of commonly deployed IP multicast protocols in UMTS 
networks. We analyze three possible UMTS multicast architectures, all employing standard 
IP multicast protocols. We study the architectures' ability to handle: group management, 
data-security, authentication and authorization of multicast source/receivers, multicast 
session identification, terminal mobility and collection of billing data. For one of the 
architectures we quantify the performance of the design f ... 

Keywords: IGMP, SSM, UMTS, multicast, wireless internet 



5 Using certified policies to regulate E-commerce transactions
Victoria Ungureanu
February 2005 ACM Transactions on Internet Technology (TOIT), volume 5 issue 1
Publisher: ACM Press

E-commerce regulations are usually embedded in mutually agreed upon contracts. 
Generally, these contracts enumerate agents authorized to participate in transactions, and 
spell out such things like rights and obligations of each partner, and terms and conditions 
of the trade. An enterprise may be concurrently bound by a set of different contracts that 
regulate the trading relations with its various clients and suppliers. This set is dynamic 
because new contracts are constantly being established, ... 

Keywords: Contract terms, Enforcement, Scalability 



6 GIP: an infrastructure for mobile intranets development
Constantinos F. Grecas, Sotirios I. Maniatis, Iakovos S. Venieris
July 2001 Proceedings of the first workshop on Wireless mobile internet WMI '01
Publisher: ACM Press

The GPRS and UMTS specifications define the procedures supporting the mobility and the 
data sessions of a mobile user moving within the area of the corresponding PLMNs. For the 
case, though, of mobile users working in group, using a PLMN infrastructure, the 
aforementioned networks foresee no special treatment. However, services tightly related 
to a specific geographic area, like for example security or surveillance services, could be 
implemented by a group of collaborating Mobile Nodes f ... 

Keywords: GPRS, UMTS, mobile intranet 



7 Delegation logic: A logic-based approach to distributed authorization
Ninghui Li, Benjamin N. Grosof, Joan Feigenbaum
February 2003 ACM Transactions on Information and System Security (TISSEC), volume 6 Issue 1
Publisher: ACM Press

We address the problem of authorization in large-scale, open, distributed systems. 
Authorization decisions are needed in electronic commerce, mobile-code execution, remote 
resource sharing, privacy protection, and many other applications. We adopt the
trust-management approach, in which "authorization" is viewed as a "proof-of-compliance"
problem: Does a set of credentials prove that a request complies with a policy? We develop
a logic-based language, called Delegation Logic (DL), t ...

Keywords: Access control, Delegation Logic, distributed system security, logic programs, 
trust management 



8 On interdomain routing security and pretty secure BGP (psBGP)
P.C. van Oorschot, Tao Wan, Evangelos Kranakis
July 2007 ACM Transactions on Information and System Security (TISSEC), volume 10 Issue 3
Publisher: ACM Press

It is well known that the Border Gateway Protocol (BGP), the IETF standard interdomain 
routing protocol, is vulnerable to a variety of attacks, and that a single misconfigured or 
malicious BGP speaker could result in large-scale service disruption. In this paper, we 
present Pretty Secure BGP (psBGP)-a proposal for securing BGP, including an 
architectural overview, design details for significant aspects, and preliminary security and 
operational analysis. psBGP differs from other secur ... 

Keywords: BGP, authentication, certificates, interdomain routing, public-key 
infrastructure, secure routing protocols, trust 




9 Unlinkable serial transactions: protocols and applications
Stuart G. Stubblebine, Paul F. Syverson, David M. Goldschlag
November 1999 ACM Transactions on Information and System Security (TISSEC), Volume 2 Issue 4
Publisher: ACM Press

We present a protocol for unlinkable serial transactions suitable for a variety of
network-based subscription services. It is the first protocol to use cryptographic blinding to enable
subscription services. The protocol prevents the service from tracking the behavior of its 
customers, while protecting the service vendor from abuse due to simultaneous or cloned 
use by a single subscriber. Our basic protocol structure and recovery protocol are robust 
against failure in protocol termination. ... 

Keywords: anonymity, blinding, cryptographic protocols, unlinkable serial transactions



10 Certificate-based authorization policy in a PKI environment
Mary R. Thompson, Abdelilah Essiari, Srilekha Mudumbai
November 2003 ACM Transactions on Information and System Security (TISSEC), Volume 6 Issue 4
Publisher: ACM Press

The major emphasis of public key infrastructure has been to provide a cryptographically 
secure means of authenticating identities. However, procedures for authorizing the holders 
of these identities to perform specific actions still need additional research and 
development. While there are a number of proposed standards for authorization structures 
and protocols such as KeyNote, SPKI, and SAML based on X.509 or other key-based
identities, none have been widely adopted. As part of an effort to us ... 

Keywords: Public key infrastructure, XML, digital certificates 



11 Automating the small purchase solicitation cycle for non-EDI trading partners using Internet technologies
Kenneth W. Copeland, C. Jinshong Hwang
April 1997 Proceedings of the 1997 ACM SIGCPR conference on Computer personnel research SIGCPR '97
Publisher: ACM Press



12 Just fast keying: Key agreement in a hostile internet
William Aiello, Steven M. Bellovin, Matt Blaze, Ran Canetti, John Ioannidis, Angelos D. Keromytis, Omer Reingold
May 2004 ACM Transactions on Information and System Security (TISSEC), volume 7 Issue 2
Publisher: ACM Press

We describe Just Fast Keying (JFK), a new key-exchange protocol, primarily designed for 
use in the IP security architecture. It is simple, efficient, and secure; we sketch a proof of 
the latter property. JFK also has a number of novel engineering parameters that permit a 
variety of tradeoffs, most notably the ability to balance the need for perfect forward 
secrecy against susceptibility to denial-of-service attacks. 

Keywords: Cryptography, denial-of-service attacks 



13 A composable framework for secure multi-modal access to internet services from Post-PC devices
Steven J. Ross, Jason L. Hill, Michael Y. Chen, Anthony D. Joseph, David E. Culler, Eric A. Brewer
October 2002 Mobile Networks and Applications, volume 7 issue 5
Publisher: Kluwer Academic Publishers

The Post-PC revolution is bringing information access to a wide range of devices beyond 
the desktop, such as public kiosks, and mobile devices like cellular telephones, PDAs, and 
voice based vehicle telematics. However, existing deployed Internet services are geared 
toward the secure rich interface of private desktop computers. We propose the use of an 
infrastructure-based secure proxy architecture to bridge the gap between the capabilities 
of Post-PC devices and the requirements of internet ser ... 

Keywords: internet, middleware, post-PC, security, transcoding 



14 COCA: A secure distributed online certification authority
Lidong Zhou, Fred B. Schneider, Robbert Van Renesse
November 2002 ACM Transactions on Computer Systems (TOCS), volume 20 issue 4
Publisher: ACM Press

COCA is a fault-tolerant and secure online certification authority that has been built and 
deployed both in a local area network and in the Internet. Extremely weak assumptions 
characterize environments in which COCA's protocols execute correctly: no assumption is
made about execution speed and message delivery delays; channels are expected to 
exhibit only intermittent reliability; and with 3t + 1 COCA servers up to t may be faulty or 
compromised. COCA is the first system to integr ... 

Keywords: Byzantine quorum systems, Certification authority, denial of service, proactive 
secret-sharing, public key infrastructure, threshold cryptography 



15 ObjectGlobe: Ubiquitous query processing on the Internet
R. Braumandl, M. Keidl, A. Kemper, D. Kossmann, A. Kreutz, S. Seltzsam, K. Stocker
August 2001 The VLDB Journal — The International Journal on Very Large Data Bases, Volume 10 Issue 1
Publisher: Springer-Verlag New York, Inc.

We present the design of ObjectGlobe, a distributed and open query processor for Internet 
data sources. Today, data is published on the Internet via Web servers which have, if at 
all, very localized query processing capabilities. The goal of the ObjectGlobe project is to 
establish an open marketplace in which data and query processing capabilities can be 
distributed and used by any kind of Internet application. Furthermore, ObjectGlobe 
integrates cycle providers (i.e., machi ... 

Keywords: Cycle-, function- and data provider, Distributed query processing, Open 
systems, Privacy, Quality of service, Query optimization, Security 



16 An Internet multicast system for the stock market
August 2001 ACM Transactions on Computer Systems (TOCS), Volume 19 issue 3
Publisher: ACM Press

We are moving toward an international, 24-hour, distributed, electronic stock exchange. 
The exchange will use the global Internet, or internet technology. This system is a natural
application of multicast because there are a large number of receivers that should receive 
the same information simultaneously. The data requirements for the stock exchange are 
discussed. The current multicast protocols lack the reliability, fairness, and scalability 
needed in this application. We describe a distr ... 

Keywords: multicast 



17 Trust management for IPsec
May 2002 ACM Transactions on Information and System Security (TISSEC), volume 5 Issue 2
Publisher: ACM Press

IPsec is the standard suite of protocols for network-layer confidentiality and authentication 
of Internet traffic. The IPsec protocols, however, do not address the policies for how 
protected traffic should be handled at security end points. This article introduces an 
efficient policy management scheme for IPsec, based on the principles of trust 
management. A compliance check is added to the IPsec architecture that tests packet 
filters proposed when new security associations are created for confo ... 

Keywords: Credentials, IPsec, KeyNote, network security, policy, trust management 



18 Rethinking the design of the Internet: the end-to-end arguments vs. the brave new world
Marjory S. Blumenthal, David D. Clark
August 2001 ACM Transactions on Internet Technology (TOIT), volume 1 issue 1
Publisher: ACM Press

This article looks at the Internet and the changing set of requirements for the Internet as 
it becomes more commercial, more oriented toward the consumer, and used for a wider 
set of purposes. We discuss a set of principles that have guided the design of the Internet, 
called the end-to-end arguments, and we conclude that there is a risk that the range of 
new requirements now emerging could have the consequence of compromising the 
Internet's original design principles. Were ... 



Keywords: ISP, Internet, end-to-end argument 



19 Location management for mobile commerce applications in wireless Internet environment
Upkar Varshney
August 2003 ACM Transactions on Internet Technology (TOIT), volume 3 issue 3
Publisher: ACM Press

With recent advances in devices, middleware, applications and networking infrastructure, 
the wireless Internet is becoming a reality. We believe that some of the major drivers of 
the wireless Internet will be emerging mobile applications such as mobile commerce.
Although many of these are futuristic, some applications including user- and location-specific
mobile advertising, location-based services, and mobile financial services are
beginning to be commercialized. Mobile commerce applications pre ... 

Keywords: Mobile commerce, infrastructure dependability, location management, mobile 
applications, satellites, wireless Internet, wireless LANs, wireless multicast 



20 Session 2: secure Web services: Designing a distributed access control processor for network services on the Web
Reiner Kraft
November 2002 Proceedings of the 2002 ACM workshop on XML security XMLSEC '02
Publisher: ACM Press

The service oriented architecture (SOA) is gaining more momentum with the advent of 
network services on the Web. A programmable and machine accessible Web is the vision 
of many, and might represent a step towards the semantic Web. However, security is a
crucial requirement for the serious usage and adoption of the Web services technology. 
This paper enumerates design goals for an access control model for Web services. It then 
introduces an abstract general model for Web services components, along ... 




Keywords: Web services, XML, access control, security



The Global System for Mobile Communications (GSM) is widely recognized as the modern
digital mobile network architecture. Increasing market demands point toward the 
relevancy of security-related issues in communications. The security requirements of 
mobile communications for the mobile users include: (1) the authentication of the mobile 
user and Visitor Location Register/Home Location Register; (2) the data confidentiality 
between mobile station and Visitor Location Register, and the data c ...

The term information portals refers to Web sites that serve as main providers of focused
information, gathered from distributed data sources. Gathering and disseminating
information through information portals introduce new security challenges. In particular, 
the authorization specifications, as well as the granting process, are temporal by nature. 
Also, more often than not, the information provided by the portal is in fact derived from 
more than one backend data source. Therefore, any au ...

In recent years, workflow management systems (WFMSs) have gained popularity in both
research and commercial sectors. WFMSs are used to coordinate and streamline business 
processes. Very large WFMSs are often used in organizations with users in the range of 
several thousands and process instances in the range of tens and thousands. To simplify 
the complexity of security administration, it is common practice in many businesses to 
allocate a role for each activity in the process and then assig ...

In this article, we present an authorization model that can be used to express a number of
discretionary access control policies for relational data management systems. The model 
permits both positive and negative authorizations and supports exceptions at the same 
time. The model is flexible in that the users can specify, for each authorization they grant, 
whether the authorization can allow for exceptions or whether it must be strongly obeyed. 
It provides authorization management for group ...

The conventional models of authorization have been designed for database systems
supporting the hierarchical, network, and relational models of data. However, these 
models are not adequate for next-generation database systems that support richer data 
models that include object-oriented concepts and semantic data modeling concepts. 
Rabitti, Woelk, and Kim [14] presented a preliminary model of authorization for use as the
basis of an authorization mechanism in such database systems. In this p ...

We present a consistency analysis approach to assist the Linux community in verifying the
correctness of authorization hook placement in the Linux Security Modules (LSM) 
framework. The LSM framework consists of a set of authorization hooks inserted into the 
Linux kernel to enable additional authorizations to be performed (e.g., for mandatory 
access control). When compared to system call interposition, authorization within the 
kernel has both security and performance advantages, but it is more di ...

Public key management has received considerable attention from both the research and
commercial communities as a useful primitive for secure electronic commerce and secure 
communication. While the mechanics of certifying and revoking public keys and escrowing 
and recovering private keys have been widely explored, less attention has been paid to 
access control frameworks for regulating access to stored keys by different parties. In this 
article we propose such a framework for a key management ser ... 

Keywords: Access control, authorizations specification and enforcement, public key

In large organizations the administration of access privileges (such as the assignment of
access rights to a user in a particular role) is handled cooperatively through distributed 
administrators in various different capacities. A quorum may be necessary, or a veto may 
be possible for such a decision. In this paper, we present two major contributions: We 
develop a role-based access control (RBAC) approach for specifying distributed 
administration requirements, and procedures between admin ...

Mobility is one of the most invigorating features, having an enormous impact on how
communication is evolving into the future. Mobility in 4G networks requires new level of 
mobility support as compared to traditional mobility. There is plenty of related research on 
mobility in next generation networks, which promises support for emerging ambient and 
ubiquitous communications. This paper aims to identify and explore the different issues 
and challenges related to mobility management in 4G heteroge ...

The Flexible Authorization Framework (FAF) defined by Jajodia et al. [2001] provides a
policy-neutral framework for specifying access control policies that is expressive enough to 
specify many known access control policies. Although the original formulation of FAF 
indicated how rules could be added to or deleted from a FAF specification, it did not 
address the removal of access permissions from users. We present two options for 
removing permissions in FAF and provide details on the option which ...

A multiuser database system must selectively permit users to share data, while retaining
the ability to restrict data access. There must be a mechanism to provide protection and 
security, permitting information to be accessed only by properly authorized users. Further, 
when tables or restricted views of tables are created and destroyed dynamically, the 
granting, authentication, and revocation of authorization to use them must also be 
dynamic. Each of these issues and their solutions in the ... 

Keywords: access control, authorization, data dependent authorization, database

Constraints are an important aspect of role-based access control (RBAC) and are often
regarded as one of the principal motivations behind RBAC. Although the importance of
constraints in RBAC has been recognized for a long time, they have not received much
attention. In this article, we introduce an intuitive formal language for specifying role-based
authorization constraints named RCL 2000 including its basic elements, syntax, and
semantics. We give soundness and completeness pr ...